Submissions
Each entry below is one sandbox submission, reconstructed from the original listing table. Fields, in the table's own order: No (submission id), Date, Request (submitted file name and its MD5), Tags (static and behavioural signatures raised during analysis), Urls (URLs requested), Hosts (domains/IPs contacted, with "- malware" where the listing flagged the host), IDS (IDS rule names triggered), Score, Zero (verdict flag as shown), VT (VirusTotal value as shown), Player (submitting user). Fields that were empty in the original are omitted from the entry.
13846 | 2023-04-16 16:20 | 41231.exe | MD5 b572fd75f4e8bedd4c0fd500e76f32db
  Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, ICMP traffic, RWX flags setting, exploit crash, unpack itself, Windows utilities, Tofsee, Windows, Exploit, DNS, crashed
  Hosts (5): camo.githubusercontent.com(185.199.108.133); fonts.googleapis.com(142.250.207.106); 172.217.27.42; 142.251.220.42; 185.199.110.133 - malware
  IDS (2): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET INFO TLS Handshake Failure
  Score 6.0 | Zero M | Player ZeroCERT

13847 | 2023-04-16 16:16 | 001.exe | MD5 5079a574e95863dcac4206efca348b15
  Tags: Malicious Library, PE64, PE File, VirusTotal, Malware, Checks debugger, crashed
  Score 2.0 | Zero M | VT 43 | Player ZeroCERT

13848 | 2023-04-16 16:15 | index.php | MD5 99d09bbf9eb3ea2864f7b540090ca89d
  Tags: UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, unpack itself
  Score 1.6 | Zero M | VT 21 | Player ZeroCERT

13849 | 2023-04-16 08:56 | Software.3.2.exe | MD5 6bd02e751b2b2033e163645d2d818ea0
  Tags: PWS, .NET framework, RAT, .NET EXE, PE File, PE32, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, suspicious TLD, Tofsee, ComputerName
  Hosts (2): tryno.ru(95.211.16.66); 95.211.16.66 - malware
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 3.8 | VT 46 | Player ZeroCERT

13850 | 2023-04-16 08:55 | kiskis.exe | MD5 ae2ee76a62c4208b7bfb858cbce6a07e
  Tags: Themida Packer, PE64, PE File, VirusTotal, Malware, unpack itself, Windows, crashed
  Score 3.2 | VT 24 | Player ZeroCERT

13851 | 2023-04-14 22:26 | AllSignatures.plist | MD5 bbf1e97143f061f2ab2d3ea27ff68da8
  Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
  Score 3.4 | Player BRY

13852 | 2023-04-14 18:10 | davidfc.exe | MD5 77ad6e3ff909ad3828bdcffd4720deac
  Tags: RAT, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, malicious URLs, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed, keylogger
  Urls (2): http://apps.identrust.com/roots/dstrootcax3.p7c; https://api.ipify.org/
  Hosts (6): api.ipify.org(104.237.62.211); upload-wefiles.com(104.21.29.216); 195.58.39.94; 104.21.29.216; 23.53.228.10; 64.185.227.155
  IDS (3): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee); ET HUNTING ZIP file exfiltration over raw TCP; SURICATA Applayer Detect protocol only one direction
  Score 16.0 | Zero M | VT 43 | Player ZeroCERT

13853 | 2023-04-14 18:07 | 37836632498586869767.bin | MD5 5e1360b5ee1d7978a48bf7892291d7d4
  Tags: Gen1, UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, RWX flags setting, unpack itself, Windows utilities, WriteConsoleW, Windows, ComputerName, crashed
  Score 4.0 | Zero M | VT 47 | Player ZeroCERT

13854 | 2023-04-14 18:07 | 74134271465999811757.bin | MD5 8c8f6bd95d195dc90693368e807e4044
  Tags: Gen1, UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, unpack itself, Windows utilities, WriteConsoleW, Windows, ComputerName, crashed
  Score 3.6 | Zero M | VT 52 | Player ZeroCERT

13855 | 2023-04-14 18:05 | sydney.exe | MD5 22f586f44c42f4391e56f4fa69a4a15f
  Tags: Admin Tool (Sysinternals etc ...), SMTP, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, Cryptographic key, Software, crashed
  Urls (1): https://api.ipify.org/
  Hosts (2): api.ipify.org(104.237.62.211); 64.185.227.155
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 12.4 | Zero M | VT 28 | Player ZeroCERT

13856 | 2023-04-14 18:05 | update_v101.exe | MD5 5505dc203820a5a773695fbdb25d79ea
  Tags: Generic Malware, Themida Packer, UPX, .NET EXE, PE File, PE32, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, buffers extracted, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, VMware, anti-virtualization, installed browsers check, Windows, Browser, ComputerName, Firmware, Cryptographic key, Software, crashed
  Hosts (2): mt.hostiko.com.ug(79.137.192.4); 79.137.192.4
  Score 8.8 | Zero M | VT 31 | Player ZeroCERT

13857 | 2023-04-14 17:49 | contents | MD5 c3d54390a6d81bdb1556803767d040e9
  Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, DNS, crashed
  Score 3.8 | Player BRY

13858 | 2023-04-14 17:49 | 31A1C087-CB71-4F3D-8B97-898F09... | MD5 c7392844239a6c803c44ccd7c4f8b267
  Tags: ZIP Format
  Player guest

13859 | 2023-04-14 17:49 | contents | MD5 c3d54390a6d81bdb1556803767d040e9
  Tags: Downloader, Create Service, DGA, Socket, DNS, Hijack Network, Code injection, HTTP, PWS[m], Sniff Audio, Steal credential, Http API, P2P, Internet API, Escalate priviledges, persistence, FTP, KeyLogger, ScreenShot, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
  IDS (2): ET INFO TLS Handshake Failure; SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score 4.2 | Player BRY

13860 | 2023-04-14 13:40 | payload2.dll | MD5 f249ab6266b09f71f05c85a966f8f3d7
  Tags: PWS, .NET framework, RAT, UPX, Malicious Library, Malicious Packer, OS Processor Check, .NET EXE, PE File, PE32, Malware download, AsyncRAT, NetWireRC, VirusTotal, Malware, DNS, DDNS
  Hosts (2): wbem.ddns.net(147.189.170.192) - malicious; 147.189.170.192 - malicious
  IDS (3): ET POLICY DNS Query to DynDNS Domain *.ddns .net; ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server); ET MALWARE Generic AsyncRAT Style SSL Cert
  Score 1.6 | VT 53 | Player ZeroCERT
Total: 49,435 submissions